[OpenID] Relying Party Best Practices

Coderre, Mark CoderreM at aetna.com
Fri Mar 9 19:41:40 UTC 2007

A UUID needs to be leveraged that is portable and suitable for access
control and personalization (portable) 

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Martin Atkins
Sent: Friday, March 09, 2007 2:24 PM
To: general at openid.net
Subject: Re: [OpenID] Relying Party Best Practices

Karl Anderson wrote:
> That's a good point, but it contradicts the Would Be Nice practice of
> allowing users to change their identifier.   I think that's more
> important - remember, users should be able to preserve their identity 
> if they switch providers.

Users should be able to preserve their *accounts* if they change
identifiers, but they can't preserve their "reputation". Just as if I
change my name by deed poll lots of my existing relationships will
become invalid, changing my OpenID identifier necessarily damages my
existing relationships and reputation.

Currently the "solution" to this problem is sites like ClaimID which
allow people to draw together all of their identifiers and other contact
points. Anyone who trusts ClaimID can use it to verify that indeed I'm
both =mart and mart.degeneration.co.uk if I tell them my
ClaimID-provided identifier.

general mailing list
general at openid.net

This e-mail may contain confidential or privileged information. If
you think you have received this e-mail in error, please advise the
sender by reply e-mail and then delete this e-mail immediately.
Thank you. Aetna

More information about the general mailing list